ISO in the Sun: PECB ISO/IEC 27005 Information Security Risk Manager
Description
This three-day course provides an overview of the principles of
risk management in information security based on ISO/IEC
27005:2022, and of how to apply them across an organisation, e.g.
in the context of certification to ISO/IEC 27001:2022.
Overview:
This three-day course enables participants to develop the necessary
expertise to support an organisation in implementing risk
management processes related to all assets of relevance for
information security based on ISO/IEC 27005:2022.
ISO/IEC 27005:2022 builds on the generic risk management
principles set out in ISO 31000:2018 and applies them to the
context of an information security management system (ISMS), thus
providing a framework for satisfying the risk management
requirements of ISO/IEC 27001:2022.
The course consists of a mix of presentation, discussion and
exercises based on real-world examples.
Outline:
Introduction to Information Security Risk Management per ISO/IEC
27005:2022
Concepts and Definitions relating to Risk Management
Risk Management Standards, Frameworks and Methodologies
Implementation of a Risk Management Framework
Understanding an Organization and its Context
Elements of the Risk Management Framework
Risk Identification
Risk Analysis and Risk Evaluation
Risk Treatment
Risk Acceptance and Residual Risk Management
Risk Communication and Consultation
Risk Recording and Reporting
Risk Monitoring and Review
Examples of Risk Assessment Methodologies
Operational Critical Threat, Asset and Vulnerability Evaluation
(OCTAVE)
Harmonised Risk Analysis Method (MEHARI)
Expression of Needs and Identification of Security Objectives
(EBIOS)
NIST Framework
CCTA Risk Analysis and Management Method (CRAMM)
Harmonized Threat and Risk Assessment (TRA)
Objectives:
Completion of this course will enable students to:
Understand concepts, approaches, methods, tools and techniques for
effective information security risk management according to ISO/IEC
27005:2022
Understand the relationship between risk management, controls and
ISO/IEC 27001:2022
Implement, maintain and manage an ongoing
information security risk management program
Advise organisations on best practices in information security risk
management
Audience:
This course is aimed at participants in, or preparing for, roles such as:
Risk managers and Information security officers
Project managers, consultants and team members implementing and
operating information security management systems
Auditors requiring more risk management insight
Prerequisites:
General understanding of common business processes.
Some past exposure to risk management and / or management systems
helpful, but not required.
Examination and Certification:
The course includes access to PECB's two-hour exam available in
multiple languages to be taken online any time after the course
(own laptop required). Exam and first year certification fees are
included in the course fees.
This course is designed by PECB in Canada, who also mark the exam
and issue the corresponding certifications according to their criteria. PECB is
a personnel certification body, accredited to ISO/IEC 17024:2012 by
IAS. See www.pecb.com for full details.
Individual as well as Integrated Management Systems addressing Risk, Information Security, Business Continuity, (IT) Services and other areas are getting ever more important for ever more organisations. As conformity with the respective ISO standards increasingly becomes a requirement to do business, management and their staff wonder how to get there.
ISO in the Sun is an ongoing series of courses on Risk, Information Security, Business Continuity, Service, Project and Integrated Management hosted by SoftQualM in the beautiful surroundings of Lanzarote in the Canary Islands, Spain. This is the ideal opportunity to combine your continuing professional education with a break in the sun, and even save compared to attending similar courses in the typical metropolitan settings. Students come from all kinds of industries and sizes of organisation, from freelance consultants and auditors to EU institutions.